Want to get access to sensitive information about defense or intelligence employees? Impersonate a recruiter on LinkedIn. At least that’s what one Los Angeles, Calif.-based dating coach did in an effort to snag a speaking slot at the hacker conference DefCon.
Using his fake LinkedIn profile, Jordan Harbinger was able to garner sensitive information from government contractors, government employees, and military personnel who identified as having a top secret security clearance. Harbinger was careful not to break the law or ask for classified information, but he was easily able to get potential job seekers to offer up information that violated Operations Security. In one case, he was able to access an individual’s personal and bank records. Another individual ponied up information about his debt (putting him at risk of blackmail).
In addition to posing as a recruiter, Harbinger also set up an account impersonating an individual looking for advice on how to get a job with a defense industry employer. Using this profile, Harbinger was able to garner information about testing facilities as well as the demographics and hiring makeup in specific offices.
Like all social engineering schemes, the idea was to pull together a few details, and build them into a robust picture of what work within a specific agency or organization looked like. And all under the guise of a completely made-up recruiter profile on a free social networking site.
It seems like a good time to offer a friendly reminder – the Cleared Network on ClearanceJobs.com is the only secure, password-protected, un-search-engine-archived platform for secure social recruiting. Recruiters are actual people and only U.S.-based companies may use the site. Update your profile here.